We received the file RE-MARKABLE157.EXE and detected that it is not safe.
RE-MARKABLE157.EXE is adware. You should remove the file RE-MARKABLE157.EXE.
Kill the RE-MARKABLE157.EXE process and remove RE-MARKABLE157.EXE from Windows.
Malware Analysis of RE-MARKABLE157.EXE
Full path on a computer: %Program Files%\Re-Markable-soft\Re-Markable157.exe
Detected by UnHackMe:
RE-MARKABLE157.EXE
Default location: %Program Files%\Re-Markable-soft\Re-Markable157.exe
Removal Results: Success
Number of reboots: 1
RE-MARKABLE157.EXE is known as:
Adware.AD150.B
RE-MARKABLE157.EXE hash:
- MD5: 15aa7cfe82f8051196ecab254e516e1a
The file is used to download and install other malware, Trojans and viruses on commands received from the Command Center.
How to quickly detect the presence of RE-MARKABLE157.EXE?
Registry:
- HKLM\System\CurrentControlSet\Services\Re-Markable\ImagePath: “%Program Files%\Re-Markable-soft\Re-Markable157.exe”
- HKLM\System\CurrentControlSet\Services\Re-Markable\DisplayName: “Re-Markable”
Folders:
Files: